Password Synchronization with Google Workspace (formerly G-Suite)

Prerequisite

Steps to enable API access in Google Workspace

IMPORTANT:

  • Install the Password Sync Agent to synchronize native password changes and resets.
  • Before you can configure G-Suite with ADSelfService Plus for Password Synchronization, you have to enable Domain Admin API access in G-Suite.
  1. Go to Google Admin console
  2. Logon using your Google Workspace Administrator account
  3. Create a new project named ADSelfService Plus
  4. In the APIs and Services pane on the left, click the Library link. Under the Google Enterprise APIs, locate Admin SDK and turn it on.
  5. In the left pane, click the Credentials link
  6. In the right hand side, click the Create Credentials button and select Service Account.
  7. Enter a name for the service account and provide the role of Project owner for the service account.
  8. The service account email is the one that is mentioned in the Email column. Click on the link to edit.
  9. Click on the Show Domain-Wide Delegation and mark the checkbox against Enable Google Workspace Domain-wide Delegation. After saving a copy, the client ID is created.
  10. In the Keys tab on the top of the page, select the Add Key → Create New Key. Select type as P12 and click Create. You will now receive a P12 file. Save this file to your computer and click Close.
  11. Grant domain-wide authority to this Service Account, using the steps mentioned below.

Your service account now has domain-wide access to the Google Admin SDK Directory API for all the users of your domain.

Steps to configure Google Workspace with ADSelfService Plus

  1. Log into ADSelfService Plus admin console with admin credentials.
  2. Navigate to Configuration → Self-Service → Password Sync/ Single Sign On.
  3. Select the G-Suite application.
  4. Note: You can also find G-Suite application that you need from the search bar located in the left pane or the alphabet wise navigation option in the right pane.
  5. Enter the Application Name and Description.
  6. Enter the Domain name (e.g.: adselfserviceplus.com) of your Google Workspace domain.
  7. In the Assign Policies field, select the policies for which password sync need to be enabled.
  8. Note: ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
  9. Select Enable Password Sync.
  10. Enter the User Name (e.g.: demo@adselfserviceplus.com) of the Google Workspace admin account.
  11. Enter the Service Account Email (e.g.: 428499212222-9csoom2llko9292ro21rhm411214lkrh@developer.gserviceaccount.com) which was created in the previous step, from Google Workspace.
  12. Select the relevant P12 Key File of Google Workspace admin account.
  13. Click Add Application.

Thanks!

Your request has been submitted to the ADSelfService Plus technical support team. Our technical support people will assist you at the earliest.

 

Need technical assistance?

  • Enter your email ID
  • Talk to experts
  •  
  •  
    By clicking 'Talk to experts', you agree to processing of personal data according to the Privacy Policy.

Copyright © 2023, ZOHO Corp. All Rights Reserved.